I cannot disable App Transport Security (ATS) in Xcode 9.2. I have been (for years) disabling ATS when running builds against my local server environment like so:
Transport security has blocked a cleartext HTTP
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
In Xcode 9.2, a simple request (running against a local Rails app in http mode):
let session = URLSession(configuration: .default)
let url = URL(string: "http://store.dev/api/products.json")!
let task = session.dataTask(with: url) { data, response, error in
print(data)
print(response)
print(error)
}
task.resume()
fails with the error message
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9802, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x60c00024afb0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://store.dev/api/products.json, NSErrorFailingURLStringKey=https://store.dev/api/products.json, _kCFStreamErrorDomainKey=3}
This exact same request (same project as well) succeeds on Xcode 9.1.
In both cases, I'm building against a iOS 11.1 deployment target. You can see that Xcode is changing the url from http to https, which I do not want.
Here is a link to the super basic project that works in Xcode 9.1 but fails in 9.2 (https://github.com/chrismanderson/ats-sample).
I've also tried disabling ATS just for the local store.dev domain, and again, it works on Xcode 9.1 but not 9.2.